Method for enhancing captive portal service

Abstract

 For enhancing a captive portal service provided by a control entity (CE) to a communication device (CD), the control entity (CE) sends, after authentication of a user of the communication device, sending a status page about the captive portal to the communication device for a display of the status page in one tab of the browser, the status page containing a cookie that commands a browser in the communication device to make a request for a success redirect URL and an initial requested URL for a display of the two web pages in two other different tabs of the browser.

Description

FIELD OF THE INVENTION

[0001] The present invention pertains to a method for enhancing captive portal service provided by a control entity to a communication device.

BACKGROUND

[0002] Captive portal is a web based authentication mechanism which is enforced on the user who is classified into an edge profile for which the captive portal is enabled.

[0003] As of now upon captive portal successful authentication the status page is displayed indicating that login is successful and the pending session time and the logout button. After successful authentication the MAC (Media Access Control) of the user will be associated with a role (the access privileges) that offers him/her unrestricted access to the resource.

[0004] It also contains the captive portal URL (Uniform Resource Locator) which the end user can store in the favorites if he intends to access at a later point of time to logout or to view the status.

[0005] The current implementation has the following two drawbacks:

• if success redirect URL is configured on the entity managing the captive portal, then instead of the status page the user is redirected to the configured success redirect URL. Thus, the user can not store the status page URL which he can use later for logout or to view the status.
• there is no possibility to redirect the user to the original URL he wanted to access upon successful authentication.

[0006] There is a need for a simple solution to help the user to access quickly to desired URLs.

SUMMARY

[0007] This summary is provided to introduce concepts related to the present inventive subject matter. This summary is not intended to identify essential features of the claimed subject matter nor is it intended for use in determining or limiting the scope of the claimed subject matter.

[0008] In accordance with one embodiment, a method is provided for enhancing a captive portal service provided by a control entity to a communication device, comprising the following steps in the control entity:

after authentication of a user of the communication device, sending a status page about the captive portal to the communication device for a display of the status page in one tab of the browser, the status page containing a cookie that commands a browser in the communication device to make a request for a success redirect URL and an initial requested URL for a display of the two web pages in two other different tabs of the browser.

[0009] Advantageously, the user has access seamlessly to the status page, the success redirect page and the initial requested page.

[0010] The invention also pertains to a control entity for enhancing a captive portal service provided by a control entity to a communication device, comprising:

means for sending, after authentication of a user of the communication device, a status page about the captive portal to the communication device for a display of the status page in one tab of the browser, the status page containing a cookie that commands a browser in the communication device to make a request for a success redirect URL and an initial requested URL for a display of the two web pages in two other different tabs of the browse.

[0011] In an embodiment, the control entity is one of server, a router and a switch.

[0012] The invention also pertains to computer program capable of being implemented within a control entity, said program comprising instructions which, when the program is executed within said control entity, carry out steps according to the method according to the invention.

BRIEF DESCRIPTION OF THE FIGURES

[0013] Some embodiments of the present invention are now described, by way of example only, and with reference to the accompanying drawings. The same reference number represents the same element or the same type of element on all drawings.

FIG. 1 is a schematic block diagram of a communication system according to one embodiment of the invention for enhancing captive portal service.

FIG. 2 is a flow chart illustrating a method for enhancing captive portal service according to one embodiment of the invention.

[0014] The same reference number represents the same element or the same type of element on all drawings.

DESCRIPTION OF EMBODIMENTS

[0015] The figures and the following description illustrate specific exemplary embodiments of the invention. It will thus be appreciated that those skilled in the art will be able to devise various arrangements that, although not explicitly described or shown herein, embody the principles of the invention and are included within the scope of the invention. Furthermore, any examples described herein are intended to aid in understanding the principles of the invention, and are to be construed as being without limitation to such specifically recited examples and conditions. As a result, the invention is not limited to the specific embodiments or examples described below, but by the claims and their equivalents.

[0016] Referring to FIG. 1, a communication system comprises a control entity CE and a communication device CD which are able to communicate between them through at least a telecommunication network TN.

[0017] The telecommunication network TN may be a wired or wireless network, or a combination of wired and wireless networks.

[0018] The telecommunication network TN can be associated with a packet network, for example, an IP ("Internet Protocol") high-speed network such as the Internet or an intranet, or even a company-specific private network.

[0019] The communication device CD can be a personal computer or a laptop, a tablet, a smart phone, a phablet, for instance. More generally it concerns any type of electronic equipment comprising a communication module, capable of establishing connection with the telecommunication network to exchange data with other communication equipments.

[0020] The control entity CE is a network entity that is able to communicate with the communication device CD and that allows access to a service, like access to Internet, requiring user authentication. The control entity CE manages a database containing user identifiers and user profiles. For example, the control entity can be implemented in a server or router or switch.

[0021] The control entity CE comprises a network interface NI to communicate with the communication device, an authentication server, like a Radius Server, an intranet server and servers in the network.

[0022] The control entity CE comprises role assignment engine RAE that implements a captive portal technique that forces an HTTP client to see a special web page, for authentication purposes.

[0023] The control entity CE comprises an internal server IS that manages URLs requested by devices communicating with the control entity.

[0024] In one embodiment, the internal server IS is implemented in an entity independent from the control entity CE.

[0025] With reference to FIG. 2, a method for handling passwords for service authentication according to one embodiment of the invention comprises steps S1 to S6 executed within the communication system.

[0026] In step S1, the user of the communication device CD connects to the control entity CE in order to get access to Internet, to a web site for example.

[0027] When the user opens a web browser trying to access a web site, the role assignment engine RAE of the control entity CE triggers a captive portal pre-login role that traps packets, such as HTTP/HTTPS/HTTP PROXY packets, into an internal server IS.

[0028] The user is classified in an edge profile for which captive portal property is enabled. The user's MAC address is learnt with captive portal pre-login role (restricted access privileges). The pre-login role enables trapping of the HTTP packets to the internal server IS running on the control entity CE.

[0029] When the initial HTTP request comes from the communication device of user, the internal server retrieves an initial requested URL included in the HTTP request accessed and stores the initial requested URL.

[0030] In step S2, the internal server IS sends the captive portal login page to the communication device of the user, asking for credentials.

[0031] The user enters the credentials, such as user name and password, in the login page and submits the entered credentials that are sent from the communication device to the internal server IS.

[0032] In step S3, the internal server IS forwards the credentials to the control entity CE.

[0033] The control entity CE authenticates the user with collaboration with the Radius Server.

[0034] In step S4, if the authentication is successful, the internal server IS in the control entity CE produces a HTTP response which contains a status page about the captive portal to the communication device of the user.

[0035] The HTTP response contains a cookie describing information about a success redirect URL and the initial requested URL, that was previously stored. The cookie commands the browser in the communication device to make a request to the control entity CE to get the success redirect URL and the initial requested URL.

[0036] The control entity CE sends the HTTP response to the communication device of the user.

[0037] In step S5, when the HTTP response is received by the communication device, the browser displays the captive portal status page on one tab. The cookie initiates HTTP requests for the success redirect URL and the initial requested URL to servers hosting these respective URLs.

[0038] The communication device sends two requests based on the content of the cookie, one request for the success redirect URL to the server hosting the success redirect URL and one request for the initial requested URL to the server hosting the initial requested URL.

[0039] In step S6, the server hosting the initial requested URL sends a response with a web page corresponding to the initial requested URL to the communication device. Also the server hosting the success redirect URL sends a response with a web page corresponding to the success redirect URL to the communication device

[0040] The browser displays the web page corresponding to success redirect URL and the web page corresponding to the initial requested URL each in a new tab.

[0041] Finally, with the cookie included in the HTTP response sent from the control entity in step S4, the browser of the communication device is able to automatically display of all three following URLs by making use of the multi tab support of the browser:

1. Status Page

2. Initial URL request by the user

3. Success Redirect URL configured on the control entity

[0042] The invention described here relates to a method and a control entity for enhancing captive portal service. According to one implementation of the invention, steps of the invention are determined by the instructions of a computer program incorporated into a control entity, such as the control entity CE. The program comprises program instructions which, when said program is loaded and executed within the control entity, carry out the steps of the method.

[0043] Consequently, the invention also applies to a computer program, particularly a computer program on or within an information medium, suitable to implement the invention. This program may use any programming language, and be in the form of source code, object code, or intermediate code between source code and object code, such as in a partially compiled form, or in any other form desirable for implementing the method according to the invention.

Claims

1. A method for enhancing a captive portal service provided by a control entity (CE) to a communication device (CD), comprising the following steps in the control entity (CE):

after authentication of a user of the communication device, sending (S4) a status page about the captive portal to the communication device for a display of the status page in one tab of the browser, the status page containing a cookie that commands a browser in the communication device to make a request for a success redirect URL and an initial requested URL for a display of the two web pages in two other different tabs of the browser.

2. A control entity (CE) for enhancing a captive portal service provided by a control entity (CE) to a communication device (CD), comprising:

means (IS) for sending, after authentication of a user of the communication device, a status page about the captive portal to the communication device for a display of the status page in one tab of the browser, the status page containing a cookie that commands a browser in the communication device to make a request for a success redirect URL and an initial requested URL for a display of the two web pages in two other different tabs of the browser.

3. A control entity (CE) according to claim 2, wherein the control entity is one of server, a router and a switch.

4. A computer program capable of being implemented within a control entity (CE) for enhancing a captive portal service provided by a control entity (CE) to a communication device (CD), said program comprising instructions which, when the program is loaded and executed within said control entity, carry out the following steps:

after authentication of a user of the communication device, sending (S4) a status page about the captive portal to the communication device for a display of the status page in one tab of the browser, the status page containing a cookie that commands a browser in the communication device to make a request for a success redirect URL and an initial requested URL for a display of the two web pages in two other different tabs of the browser.

Drawing